When we first set out to design Chrome, we knew we had a unique opportunity to improve the security of the web. In addition to speed and simplicity, we’ve been adamant that security be a central tenet of everything we build. Chrome and the web have since come a long way, and we’ve been challenged to protect a complex and rapidly changing browser against the many threats that emerge on the web.

After spending tens-of-thousands of hours working on ways to make users safer on the web, we thought it might be worth sharing the Chrome security principles that guide the work that we do.

http://www.chromium.org/developers/design-documents/sandbox explains the policy contanment using a restricted token (protects admin space), a windows job object (makes sure also some user-handles and global objects tokens are protected, which reduces side by side intrusion at limited user level), alternate desktop (also hardens against messaging between objects/services) and the integrity levels (on Vista/Windows 7 making use of Low Intergity level, making all medium level intergrity - limited user objects/processes a no-go area).

Nothing in there about the extension vetting process, that I could find anyway.

Click to expand...

Well, that article is about Chromium, and not Google Chrome. Chromium doesn't belong to Google... ... so, we'd see some explaining about the vetting process (or lack of it, if that's the case), if the article was about Google Chrome.

Extensions aren't officially developed for Chromium, but for Google Chrome. There's no Chromium Web Store...

Well, that article is about Chromium, and not Google Chrome. Chromium doesn't belong to Google... ... so, we'd see some explaining about the vetting process (or lack of it, if that's the case), if the article was about Google Chrome.

Extensions aren't officially developed for Chromium, but for Google Chrome. There's no Chromium Web Store...

Click to expand...

It's my understanding that Chromium is basically the breeding ground for future Chrome releases..am I not correct on that? If I am, then the article is still relevant. I do recall Chromium not sandboxing Flash, but I believe that is where one of the few differences ends.

It's my understanding that Chromium is basically the breeding ground for future Chrome releases..am I not correct on that? If I am, then the article is still relevant. I do recall Chromium not sandboxing Flash, but I believe that is where one of the few differences ends.

Click to expand...

Yes, the article is 100% relevant.

But, anything about a Google Chrome extensions vetting process would never be presented to us in Chromium articles. It would be in Google Chrome article; most likely here -https://www.google.com/chrome/intl/en-US/more/index.html I'd say, or some other place other than in a Chromium article.

Yeah, I thought it was about Google Chrome browser.
Looked like it to me.

The constant reference throughout the article to Chrome (rather than Chromium) is what did it, I guess... and the references to browsers and browsing.

Click to expand...

Well, now that you mention it, I am seeing reference to We also employ the best available anti-exploit technologies—including ASLR, DEP, JIT hardening, and SafeSEH—along with custom technologies like Safe Browsing, out-of-date plugin blocking, silent auto-update, and verified boot on Chrome OS.

In the end, they're talking a bit about both (Chromium and Chrome). Who knows, maybe they would talk about an extensions vetting process there. Who knows...

Yes, the constant reference to Chrome, rather than Chromium does confuse a bit. I like to see it this way: Chromium - open source project, not directly associated with Google; Google Chrome - a freeware project based on Chromium, provided by Google. So, I'd also like to see a more clear distinction done by Chromium developers as well, even if most (all? lol) are from Google. I've seen some people referring to Google Chrome as open source, but to the best of my knowledge, it's not. It's just like COMODO Dragon, both are based on an open source project.

I think if there were an extension vetting process worth talking about they'd do so. At this point I just don't believe there is one and I do believe we're going to start seeing users taken advantage of via the store.

Not all Chromium developers are Google employees btw. But you can't just start making commits, you need to be given write access to the svn.

Chrome is not open source because it includes Flash and their PDF reader is also closed source. Everything else is open.

[...]
Chrome is not open source because it includes Flash and their PDF reader is also closed source. Everything else is open.

Click to expand...

Google Chrome isn't open source, but not because of what you mention. Just because Google Chrome is based on Chromium, it doesn't make it open source. You don't have access to Google Chrome's source code. You have access to Chromium's source only; this one an open source project. Just because you access Chromium's source and Google Chrome is based on it, that doesn't make it open source.

COMODO Dragon is closed source, yet it's based on Chromium. Just because I trust Chromium, for being open source, that doesn't mean I'll trust COMODO Dragon. They may share the code, but they have different code, code added and/or modified by COMODO. The same happens with Google Chrome.

Can you point me to the Google Chrome's source code, where I can see the differences between Google Chrome and Chromium's code? No. You can only point me to Chromium's source code, because that's the only open source project; not Google Chrome.

I think if there were an extension vetting process worth talking about they'd do so. At this point I just don't believe there is one and I do believe we're going to start seeing users taken advantage of via the store.

Well, it's equally silly to drag in standards when I'm asking whether something is opinion or fact:
"There’s a common misconception that security can be handled as a feature or add-on component. "

Click to expand...

I believe it to be true, that security can't truly be handled as an add-on component. Add-ons/extensions are really just a way to cover weaknesses in the built-in security. What they mean by "features", I don't know. To me, the sandbox in Chrome is a "feature", so is built in Flash/PDF. IE Smart Screen is a "feature", and yada yada. If they mean it in that sense, then to me it says "don't trust our sandbox/SmartScreen, so on and so forth. It won't do that much for you".

I think if there were an extension vetting process worth talking about they'd do so. At this point I just don't believe there is one and I do believe we're going to start seeing users taken advantage of via the store.

Click to expand...

Agree and disagree. I disagree that there is no vetting process worth them discussing/doing. Mozilla's vetting process has worked out rather well all this time. Chrome, well, they barely seem to care, so I guess they wouldn't talk much about it. I also agree that their store and others are going to become bigger sources of problems in not too long of time.

I suppose. EDIT: I mean, unless you compile the code yourself for Chromium, who's to say their buildbot isn't slipping something in? You wouldn't be able to tell after compilation.

Click to expand...

That's beside the point, isn't it? My point was to make it clear Google Chrome isn't open source, because there's no source code available. For something to be open source, they need to provide the code.

And, while what you said is true, the same can be applied to any open source project, including Linux. Once compiled, how do we know we can trust this or that distribution? The true magic is for us to compile it ourselves, right? But, then again, Linux kernel has more than 15 million lines of code, according to this -http://www.h-online.com/open/news/item/Linux-kernel-exceeds-15-million-lines-of-code-1409952.html

I wouldn't be the one looking through all that. That much I can tell you.